#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org

START=60
STOP=60

SERVICE_USE_PID=1

NFS_D=/var/lib/nfs
LOCK_D=$NFS_D/sm
NFS_EXPORT=$NFS_D/exports

mask2cdr ()
{
   # Assumes there's no "255." after a non-255 byte in the mask
   local x=${1##*255.}
   set -- 0^^^128^192^224^240^248^252^254^ $(( (${#1} - ${#x})*2 )) ${x%%.*}
   x=${1%%$3*}
   echo $(( $2 + (${#x}/4) ))
}

IPT=/usr/sbin/iptables

nfsd_iptables_add() {
      IF_LAN=$(uci get network.lan.ifname)
      NET_LAN_IP=$(uci get network.lan.ipaddr)
      NETMASK=$(uci get network.lan.netmask)
      NET_LAN=$NET_LAN_IP/$(mask2cdr $NETMASK)
      
      $IPT -A INPUT -j ACCEPT -i eth0.1 -s $NET_LAN -p tcp --dport 111 -m comment --comment "portmap"
      $IPT -A INPUT -j ACCEPT -i eth0.1 -s $NET_LAN -p udp --dport 111 -m comment --comment "portmap"
      $IPT -A INPUT -j ACCEPT -i eth0.1 -s $NET_LAN -p tcp --dport 32777:32780 -m comment --comment "nfsd"
      $IPT -A INPUT -j ACCEPT -i eth0.1 -s $NET_LAN -p udp --dport 32777:32780 -m comment --comment "nfsd"
      $IPT -t raw -A INPUT -i $IF_LAN -s $NET_LAN -p tcp --dport 32777:32780 -j CT --notrack -m comment --comment "dont_track_nfs"
      $IPT -t raw -A INPUT -i $IF_LAN -s $NET_LAN -p udp --dport 32777:32780 -j CT --notrack -m comment --comment "dont_track_nfs"
      $IPT -t raw -A OUTPUT -o $IF_LAN -d $NET_LAN -p tcp --dport 32777:32780 -j CT --notrack -m comment --comment "dont_track_nfs"
      $IPT -t raw -A OUTPUT -o $IF_LAN -d $NET_LAN -p udp --dport 32777:32780 -j CT --notrack -m comment --comment "dont_track_nfs"
}

iptables_remove() {
      $IPT --table $1 -S|grep -E "$2"|sed 's/^-A //'|while read rule;do $IPT --table $1 -D $rule;done
}

nfs_add_share() {
	local name
	local path
	local enable
	local iprange
	local options

	config_get name $1 name
	config_get path $1 path
	config_get iprange $1 iprange
	config_get enable $1 enable
	config_get options $1 options
	
	[ -n "$iprange" ] || iprange="*"
	[ -n "$options" ] || options="ro,all_squash,insecure,sync"
	
    [ $enable == 1 ]&&{
        [ -z "$path" ] && return
    
        echo -e "$path $iprange($options)" >> $NFS_EXPORT
    }

}


start() {
        
        nfsd_iptables_add
        
nfsenable=$(uci get nfsd.@nfsd[0].enable)
[ $nfsenable = 1 ]&&{ 

  mkdir -p $NFS_D
  echo "" > $NFS_EXPORT
  
  [[ z$(readlink -f "/etc/exports") != z$NFS_EXPORT ]] && \
    ( rm -rf /etc/exports ; ln -s $NFS_EXPORT /etc/exports )
  
	config_load nfsd
	config_foreach nfs_add_share nfsshare
  /etc/init.d/portmap restart	
	grep -q /proc/fs/nfsd /proc/mounts || \
		mount -t nfsd nfsd /proc/fs/nfsd
	mkdir -p $NFS_D
	mkdir -p $LOCK_D
	touch $NFS_D/rmtab

        sysctl -w fs.nfs.nlm_tcpport=32777 fs.nfs.nlm_udpport=32777 > /dev/null
	service_start /usr/sbin/rpc.statd -p 32778 -o 32779
	/usr/sbin/exportfs -r
	/usr/sbin/rpc.nfsd
	SERVICE_WRITE_PID=1 \
	SERVICE_DAEMONIZE=1 \
	service_start /usr/sbin/rpc.mountd -p 32780 -F
	}
}

stop() {
	service_stop /usr/sbin/rpc.mountd
	rpc.nfsd 0 2> /dev/null
	/usr/sbin/exportfs -au
	service_stop /usr/sbin/rpc.statd
	grep -q /proc/fs/nfsd /proc/mounts && \
		umount /proc/fs/nfsd
		
	iptables_remove filter "nfsd"
	iptables_remove filter "portmap"
	iptables_remove raw "dont_track_nfs"
}

reload() {
	/usr/sbin/exportfs -r
}

